First, we need to know that static Web pages cannot be injected. The so-called html injection is actually the same as asp SQL injection, including PHP (in the same principle ). Some websites, especially the html static pages used by some large websites, in fact, a large part may be the dynamic conversion of the background to the static page of the foreground (adding Foreground Data through the background management to generate the html page of the foreground)
What we need to do is to find dynamic pages on static pages. Only by finding the link to the dynamic page can we inject it, and the injection success rate is quite high. If you don't search for the website, you don't have any hope of success because the website's surface is filtered out. China Network Management Alliance www, bitsCN, com
Method: Click to enter a link, view the source code on the current page, and search? Asp ??, When XXX. asp is found? When XXid = XX type link, use the injection tool to detect it.
When a link cannot be searched or cannot be injected, replace other links to continue the detection. Here, we need patience, perseverance, and time.
Today's diary is here. I hope you can actively discuss and practice it after reading it.
In addition, I do not want to follow my post? Top ?,? Okay ?,? Good? And so on. You can read more materials and practice more at this time.
Supplement: required injection tools include NB, a D injection tool, mingxiao Domain3.5, and Guilin veteran WEB comprehensive detection tool 2.8